Merge branch 'main' into addphoto

ProtonMail · Sep 2, 2023 · 47a5c04 · 47a5c04
2 parents 0783366 + 3c4c8a2
commit 47a5c04
Show file tree

Hide file tree

Showing 76 changed files with 3,524 additions and 1,812 deletions.
diff --git a/.github/actions/build-gosop/action.yml b/.github/actions/build-gosop/action.yml
@@ -0,0 +1,55 @@
+name: 'build-gosop'
+description: 'Build gosop from the current branch'
+
+inputs:
+
+  go-crypto-ref: 
+    description: 'go-crypto branch tag or commit to build from'
+    required: true
+    default: ''
+
+  binary-location: 
+    description: 'Path for the gosop binary'
+    required: true
+    default: './gosop-${{ github.sha }}'
+
+runs:
+  using: "composite"
+  steps:
+    - name: Checkout go-crypto
+      uses: actions/checkout@v3
+      with:
+        ref: ${{ inputs.go-crypto-ref }}
+        path: go-crypto
+    # Build gosop
+    - name: Set up latest golang
+      uses: actions/setup-go@v3
+      with:
+        go-version: ^1.18
+    - name: Check out gosop
+      uses: actions/checkout@v3
+      with:
+        repository: ProtonMail/gosop
+        path: gosop
+    - name: Cache go modules
+      uses: actions/cache@v3
+      with:
+        path: |
+          ~/.cache/go-build
+          ~/go/pkg/mod
+        key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-go-
+    - name: Build gosop
+      run: ./.github/test-suite/build_gosop.sh
+      shell: bash
+    # Test the binary
+    - name: Print gosop version
+      run: ./gosop/gosop version --extended
+      shell: bash
+    # Move and rename binary
+    - name: Move binary
+      run: mv gosop/gosop ${{ inputs.binary-location }}
+      shell: bash
+
+
diff --git a/.github/test-suite/build_gosop.sh b/.github/test-suite/build_gosop.sh
@@ -0,0 +1,5 @@
+cd gosop
+echo "replace github.com/ProtonMail/go-crypto => ../go-crypto" >> go.mod
+go get github.com/ProtonMail/go-crypto
+go get github.com/ProtonMail/gopenpgp/v2/crypto@latest
+go build .
diff --git a/.github/test-suite/config.json.template b/.github/test-suite/config.json.template
@@ -0,0 +1,28 @@
+{
+    "drivers": [
+      {
+        "id": "gosop-branch",
+        "path": "__GOSOP_BRANCH__"
+      },
+      {
+        "id": "gosop-main",
+        "path": "__GOSOP_MAIN__"
+      },
+      {
+        "path": "__SQOP__"
+      },
+      {
+        "path": "__GPGME_SOP__"
+      },
+      {
+        "path": "__SOP_OPENPGPJS__"
+      },
+      {
+        "path": "__RNP_SOP__"
+      }
+    ],
+    "rlimits": {
+      "DATA": 1073741824
+    }
+}
+
diff --git a/.github/test-suite/prepare_config.sh b/.github/test-suite/prepare_config.sh
@@ -0,0 +1,12 @@
+CONFIG_TEMPLATE=$1
+CONFIG_OUTPUT=$2
+GOSOP_BRANCH=$3
+GOSOP_MAIN=$4
+cat $CONFIG_TEMPLATE \
+    | sed "s@__GOSOP_BRANCH__@${GOSOP_BRANCH}@g" \
+    | sed "s@__GOSOP_MAIN__@${GOSOP_MAIN}@g" \
+    | sed "s@__SQOP__@${SQOP}@g" \
+    | sed "s@__GPGME_SOP__@${GPGME_SOP}@g" \
+    | sed "s@__SOP_OPENPGPJS__@${SOP_OPENPGPJS}@g" \
+    | sed "s@__RNP_SOP__@${RNP_SOP}@g" \
+    > $CONFIG_OUTPUT
diff --git a/.github/workflows/interop-test-suite.yml b/.github/workflows/interop-test-suite.yml
@@ -0,0 +1,125 @@
+name: SOP interoperability test suite
+
+on:
+  pull_request:
+    branches: [ main ]
+
+jobs:
+
+  build-gosop:
+    name: Build gosop from branch
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Build gosop from branch
+        uses: ./.github/actions/build-gosop
+        with: 
+          binary-location: ./gosop-${{ github.sha }}
+      # Upload as artifact
+      - name: Upload gosop artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: gosop-${{ github.sha }}
+          path: ./gosop-${{ github.sha }}
+
+  build-gosop-main:
+    name: Build gosop from main
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Build gosop from branch
+        uses: ./.github/actions/build-gosop
+        with: 
+          go-crypto-ref: main
+          binary-location: ./gosop-main
+      # Upload as artifact
+      - name: Upload gosop-main artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: gosop-main
+          path: ./gosop-main
+
+
+  test-suite:
+    name: Run interoperability test suite
+    runs-on: ubuntu-latest
+    container: 
+      image: ghcr.io/protonmail/openpgp-interop-test-docker:v1.1.1
+      credentials:
+        username: ${{ github.actor }}
+        password: ${{ secrets.github_token }}
+    needs: 
+      - build-gosop
+      - build-gosop-main
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      # Fetch gosop from main
+      - name: Download gosop-main
+        uses: actions/download-artifact@v3
+        with:
+          name: gosop-main
+      # Test gosop-main
+      - name: Make gosop-main executable
+        run: chmod +x gosop-main
+      - name: Print gosop-main version
+        run: ./gosop-main version --extended
+      # Fetch gosop from branch
+      - name: Download gosop-branch
+        uses: actions/download-artifact@v3
+        with:
+          name: gosop-${{ github.sha }}
+      - name: Rename gosop-branch
+        run: mv gosop-${{ github.sha }} gosop-branch
+      # Test gosop-branch
+      - name: Make gosop-branch executable
+        run: chmod +x gosop-branch
+      - name: Print gosop-branch version
+        run: ./gosop-branch version --extended
+      # Run test suite
+      - name: Prepare test configuration
+        run: ./.github/test-suite/prepare_config.sh $CONFIG_TEMPLATE $CONFIG_OUTPUT $GITHUB_WORKSPACE/gosop-branch $GITHUB_WORKSPACE/gosop-main
+        env:
+         CONFIG_TEMPLATE: .github/test-suite/config.json.template
+         CONFIG_OUTPUT: .github/test-suite/config.json
+      - name: Display configuration
+        run: cat .github/test-suite/config.json
+      - name: Run interoperability test suite
+        run: cd $TEST_SUITE_DIR && $TEST_SUITE --config $GITHUB_WORKSPACE/$CONFIG --json-out $GITHUB_WORKSPACE/$RESULTS_JSON --html-out $GITHUB_WORKSPACE/$RESULTS_HTML
+        env:
+         CONFIG: .github/test-suite/config.json
+         RESULTS_JSON: .github/test-suite/test-suite-results.json
+         RESULTS_HTML: .github/test-suite/test-suite-results.html
+      # Upload results
+      - name: Upload test results json artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: test-suite-results.json
+          path: .github/test-suite/test-suite-results.json
+      - name: Upload test results html artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: test-suite-results.html
+          path: .github/test-suite/test-suite-results.html
+
+  compare-with-main:
+    name: Compare with main
+    runs-on: ubuntu-latest
+    needs: test-suite
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Download test results json artifact
+        id: download-test-results
+        uses: actions/download-artifact@v3
+        with:
+          name: test-suite-results.json
+      - name: Compare with baseline
+        uses: ProtonMail/openpgp-interop-test-analyzer@v1
+        with: 
+          results: ${{ steps.download-test-results.outputs.download-path }}/test-suite-results.json
+          output: baseline-comparison.json
+          baseline: gosop-main
+          target: gosop-branch
diff --git a/bitcurves/bitcurve.go b/bitcurves/bitcurve.go
@@ -191,7 +191,7 @@ func (bitCurve *BitCurve) doubleJacobian(x, y, z *big.Int) (*big.Int, *big.Int,
 	return x3, y3, z3
 }
 
-//TODO: double check if it is okay
+// TODO: double check if it is okay
 // ScalarMult returns k*(Bx,By) where k is a number in big-endian form.
 func (bitCurve *BitCurve) ScalarMult(Bx, By *big.Int, k []byte) (*big.Int, *big.Int) {
 	// We have a slight problem in that the identity of the group (the
@@ -239,7 +239,7 @@ func (bitCurve *BitCurve) ScalarBaseMult(k []byte) (*big.Int, *big.Int) {
 
 var mask = []byte{0xff, 0x1, 0x3, 0x7, 0xf, 0x1f, 0x3f, 0x7f}
 
-//TODO: double check if it is okay
+// TODO: double check if it is okay
 // GenerateKey returns a public/private key pair. The private key is generated
 // using the given reader, which must return random data.
 func (bitCurve *BitCurve) GenerateKey(rand io.Reader) (priv []byte, x, y *big.Int, err error) {

diff --git a/brainpool/brainpool_test.go b/brainpool/brainpool_test.go
@@ -46,4 +46,4 @@ func TestP512t1(t *testing.T) {
 
 func TestP512r1(t *testing.T) {
 	testCurve(t, P512r1())
-}
+}
diff --git a/brainpool/rcurve.go b/brainpool/rcurve.go
@@ -80,4 +80,4 @@ func (curve *rcurve) ScalarMult(x1, y1 *big.Int, scalar []byte) (x, y *big.Int)
 
 func (curve *rcurve) ScalarBaseMult(scalar []byte) (x, y *big.Int) {
 	return curve.fromTwisted(curve.twisted.ScalarBaseMult(scalar))
-}
+}
diff --git a/eax/eax.go b/eax/eax.go
@@ -67,7 +67,7 @@ func (e *eax) Seal(dst, nonce, plaintext, adata []byte) []byte {
 	if len(nonce) > e.nonceSize {
 		panic("crypto/eax: Nonce too long for this instance")
 	}
-	ret, out := byteutil.SliceForAppend(dst, len(plaintext) + e.tagSize)
+	ret, out := byteutil.SliceForAppend(dst, len(plaintext)+e.tagSize)
 	omacNonce := e.omacT(0, nonce)
 	omacAdata := e.omacT(1, adata)
 
@@ -85,7 +85,7 @@ func (e *eax) Seal(dst, nonce, plaintext, adata []byte) []byte {
 	return ret
 }
 
-func (e* eax) Open(dst, nonce, ciphertext, adata []byte) ([]byte, error) {
+func (e *eax) Open(dst, nonce, ciphertext, adata []byte) ([]byte, error) {
 	if len(nonce) > e.nonceSize {
 		panic("crypto/eax: Nonce too long for this instance")
 	}

diff --git a/go.mod b/go.mod
@@ -3,6 +3,6 @@ module github.com/ProtonMail/go-crypto
 go 1.13
 
 require (
-	github.com/cloudflare/circl v1.1.0 // indirect
-	golang.org/x/crypto v0.0.0-20210921155107-089bfa567519
+	github.com/cloudflare/circl v1.3.3
+	golang.org/x/crypto v0.7.0
 )
diff --git a/go.sum b/go.sum
@@ -1,15 +1,46 @@
-github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
-github.com/cloudflare/circl v1.1.0 h1:bZgT/A+cikZnKIwn7xL2OBj012Bmvho/o6RpRvv3GKY=
-github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I=
-golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2 h1:It14KIkyBFYkHkwZ7k45minvA9aorojkyjGk9KJ5B/w=
-golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg=
+github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
+github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
+github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
+golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac h1:oN6lz7iLW/YC7un8pq+9bOLyXrprv2+DKfkJY+2LJJw=
-golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/internal/byteutil/byteutil.go b/internal/byteutil/byteutil.go
@@ -41,7 +41,7 @@ func ShiftNBytesLeft(dst, x []byte, n int) {
 	bits := uint(n % 8)
 	l := len(dst)
 	for i := 0; i < l-1; i++ {
-		dst[i] = (dst[i] << bits) | (dst[i+1] >> uint(8 - bits))
+		dst[i] = (dst[i] << bits) | (dst[i+1] >> uint(8-bits))
 	}
 	dst[l-1] = dst[l-1] << bits
 
@@ -56,7 +56,6 @@ func XorBytesMut(X, Y []byte) {
 	}
 }
 
-
 // XorBytes assumes equal input length, puts X XOR Y into Z
 func XorBytes(Z, X, Y []byte) {
 	for i := 0; i < len(X); i++ {
@@ -67,10 +66,10 @@ func XorBytes(Z, X, Y []byte) {
 // RightXor XORs smaller input (assumed Y) at the right of the larger input (assumed X)
 func RightXor(X, Y []byte) []byte {
 	offset := len(X) - len(Y)
-	xored := make([]byte, len(X));
+	xored := make([]byte, len(X))
 	copy(xored, X)
 	for i := 0; i < len(Y); i++ {
-		xored[offset + i] ^= Y[i]
+		xored[offset+i] ^= Y[i]
 	}
 	return xored
 }
@@ -89,4 +88,3 @@ func SliceForAppend(in []byte, n int) (head, tail []byte) {
 	tail = head[len(in):]
 	return
 }
-